How to get mountd to pass through checkpoint firewall

Posted on 2010-11-25
Last Modified: 2012-05-10
Hi All,

Would someone be able to tell me how I get NFS ports (particularly mountd) to pass through a Checkpoint R70 firewall? They are being blocked by Implied rules.

Ideally I'd like to be able to do this without changing the order in which the implied rules are applied to my rule base, but if that's the only way then I'd like to find out what the repercussions could be on the rest of my rules.

Many thanks!
Question by:yellowteam
Expert Comment

by:arnold
ID: 34215160
You should configure a VPN (remote) connection and access the NFS over the VPN.

Opening ports for NFS:
http://forums.freebsd.org/showthread.php?t=5123

There are different options depending on which NFS mode you use, nfs3 or 4.

Author Comment

by:yellowteam
ID: 34215612
Hi there, sorry, I should have mentioned that this is between two internal networks that are separated by this firewall.

Accepted Solution

by:
arnold earned 2000 total points
ID: 34218199
You would then need to set up a set of rules on the firewall to allow the UDP/TCP traffic between the interface segments outlined in the link from the earlier post.

sunrpc           111/tcp    rpcbind    # SUN Remote Procedure Call
sunrpc           111/udp    rpcbind    # SUN Remote Procedure Call
nfsd-status      1110/tcp              # Cluster status info
nfsd-keepalive   1110/udp              # Client status info
nfsd             2049/tcp   nfs        # NFS server daemon
nfsd             2049/udp   nfs        # NFS server daemon
lockd            4045/udp              # NFS lock daemon/manager
lockd            4045/tcp
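
Added example, not part of the original thread: mountd registers its port with rpcbind rather than using a fixed entry like those above, so the port to allow has to be read from the NFS server with `rpcinfo -p`. This Python sketch parses that output and separates the fixed ports from the answer's list from rpcbind-assigned ones; the sample output and the ports 32771, 32780 and 32781 are constructed for illustration.

```python
# Constructed `rpcinfo -p` output from a hypothetical NFS server (not real data).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    1   udp  32771  mountd
    100005    3   udp  32771  mountd
    100005    3   tcp  32771  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100024    1   udp  32780  status
    100024    1   tcp  32781  status
"""

# Ports named in the answer's list; anything else was handed out by rpcbind.
FIXED_PORTS = {111, 1110, 2049, 4045}


def parse_rpcinfo(text):
    """Return sorted, de-duplicated (service, proto, port) tuples."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows are: program vers proto port [service]; skip header/blank lines.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        proto, port = fields[2], int(fields[3])
        service = fields[4] if len(fields) > 4 else "prog-" + fields[0]
        seen.add((service, proto, port))
    return sorted(seen)


def firewall_plan(text):
    """Split registrations into fixed ports and rpcbind-assigned ones."""
    fixed, dynamic = [], []
    for entry in parse_rpcinfo(text):
        (fixed if entry[2] in FIXED_PORTS else dynamic).append(entry)
    return fixed, dynamic


if __name__ == "__main__":
    fixed, dynamic = firewall_plan(SAMPLE_RPCINFO)
    for svc, proto, port in fixed:
        print(f"allow  {proto}/{port:<5} {svc}")
    for svc, proto, port in dynamic:
        print(f"review {proto}/{port:<5} {svc}  (assigned by rpcbind; may change after a restart)")
```

Entries in the "review" group need either a port pinned on the server or a firewall rule that tracks the rpcbind assignment, otherwise a rule written for today's port stops matching after the daemon restarts.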


Author Comment

by:yellowteam
ID: 34218561
Hi there,
Thanks for that, I've now gotten it working.